Fundamental flaws uncovered in Mega's encryption scheme — show the service can read your data
MEGA's system does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files — the researchers wrote on a website. Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice, which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks — showcasing their practicality and exploitability.
https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/
#mega #vulnerability #cloud #data
MEGA's system does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files — the researchers wrote on a website. Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice, which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks — showcasing their practicality and exploitability.
https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/
#mega #vulnerability #cloud #data
Ars Technica
Mega says it can’t decrypt your files. New POC exploit shows otherwise
Fundamental flaws uncovered in Mega's encryption scheme show service can read your data.
MEGA Security Update
https://blog.mega.io/mega-security-update
Today, MEGA has released software updates that fix a critical vulnerability reported by researchers at one of Europe’s leading universities, ETH Zurich, Switzerland. Further updates addressing less severe identified issues will follow in the near future. MEGA is not aware of any user accounts being compromised by these vulnerabilities.
Who is potentially affected?
Customers who have logged into their MEGA account at least 512 times (the more, the higher the exposure). Note that resuming an existing session does not count as a login. While all MEGA client products use permanent sessions by default, some third-party clients such as Rclone do not, so their users may be exposed.
Who could have exploited the vulnerability?
Very few: An attacker would have had to first gain control over the heart of MEGA’s server infrastructure or achieve a successful man-in-the-middle attack on the user’s TLS connection to MEGA.
What could have been the outcome?
Once a targeted account had made enough successful logins, incoming shared folders, MEGAdrop files and chats could have been decryptable. Files in the cloud drive could have been successively decrypted during subsequent logins. Furthermore, files could have been placed in the account that appear to have been uploaded by the account holder (a “framing” attack).
#mega #cloud #vulnerability
https://blog.mega.io/mega-security-update
Today, MEGA has released software updates that fix a critical vulnerability reported by researchers at one of Europe’s leading universities, ETH Zurich, Switzerland. Further updates addressing less severe identified issues will follow in the near future. MEGA is not aware of any user accounts being compromised by these vulnerabilities.
Who is potentially affected?
Customers who have logged into their MEGA account at least 512 times (the more, the higher the exposure). Note that resuming an existing session does not count as a login. While all MEGA client products use permanent sessions by default, some third-party clients such as Rclone do not, so their users may be exposed.
Who could have exploited the vulnerability?
Very few: An attacker would have had to first gain control over the heart of MEGA’s server infrastructure or achieve a successful man-in-the-middle attack on the user’s TLS connection to MEGA.
What could have been the outcome?
Once a targeted account had made enough successful logins, incoming shared folders, MEGAdrop files and chats could have been decryptable. Files in the cloud drive could have been successively decrypted during subsequent logins. Furthermore, files could have been placed in the account that appear to have been uploaded by the account holder (a “framing” attack).
#mega #cloud #vulnerability
Mega Blog
MEGA Security Update June 2022 - MEGA Blog
MEGA has released software updates to patch critical vulnerabilities discovered by researchers at ETH Zurich.
The Chain of Custody: The "Mafia" Holding The Elite's Bitcoin
The companies poised to dominate the digital financial infrastructure of Latin America have arisen courtesy of the self-described "mafia" multiplier, Endeavor. Flush with funds from billionaires linked to the US intelligence and organized crime, Endeavor's influence over the CEOs it has championed promises that, with the ushering in of a new financial system, a wave of covert dollarization will shortly follow.
Via @unlimitedhangout
#Mafia #Mossad #CIA #DeepState #SiliconValley #Epstein #Mega #StartUp #Capitalism #Endeavour
The companies poised to dominate the digital financial infrastructure of Latin America have arisen courtesy of the self-described "mafia" multiplier, Endeavor. Flush with funds from billionaires linked to the US intelligence and organized crime, Endeavor's influence over the CEOs it has championed promises that, with the ushering in of a new financial system, a wave of covert dollarization will shortly follow.
Via @unlimitedhangout
#Mafia #Mossad #CIA #DeepState #SiliconValley #Epstein #Mega #StartUp #Capitalism #Endeavour
THE ORIGINS OF THE #MEGA GROUP #MAFIA
The Mega Group — a secretive group of billionaires formed in 1991 by Charles #Bronfman and Leslie #Wexner, the latter of whom has received considerable media scrutiny following the July arrest of his former protege Jeffrey Epstein. Media profiles of the group paint it as “a loosely organized club of 20 of the nation’s wealthiest and most influential Jewish businessmen” focused on “philanthropy and jewishness,” with membership dues upwards of $30,000 per year. Yet several of its most prominent members have ties to organized crime.
Mega Group members founded and/or are closely associated with some of the most well-known pro-Israel organizations. For instance, members Charles Bronfman and Michael Steinhardt formed Birthright Taglit with the backing of then- and current Prime Minister Benjamin Netanyahu. Steinhardt, an atheist, has stated that his motivation in helping to found the group was to advance his own belief that devotion to and faith in the state of Israel should serve as “a substitute for [jewish] theology.”
Other well-known groups associated with the Mega Group include the World jewish Congress — whose past president, Edgar Bronfman, and current president, Ronald #Lauder, are both Mega Group members — and B’nai B’rith, particularly its spin-off known as the Anti-Defamation League (ADL). The Bronfman brothers were major donors to the #ADL, with Edgar Bronfman serving as the ADL’s honorary national vice-chair for several years.
https://www.mintpressnews.com/mega-group-maxwells-mossad-spy-story-jeffrey-epstein-scandal/261172/
The Mega Group — a secretive group of billionaires formed in 1991 by Charles #Bronfman and Leslie #Wexner, the latter of whom has received considerable media scrutiny following the July arrest of his former protege Jeffrey Epstein. Media profiles of the group paint it as “a loosely organized club of 20 of the nation’s wealthiest and most influential Jewish businessmen” focused on “philanthropy and jewishness,” with membership dues upwards of $30,000 per year. Yet several of its most prominent members have ties to organized crime.
Mega Group members founded and/or are closely associated with some of the most well-known pro-Israel organizations. For instance, members Charles Bronfman and Michael Steinhardt formed Birthright Taglit with the backing of then- and current Prime Minister Benjamin Netanyahu. Steinhardt, an atheist, has stated that his motivation in helping to found the group was to advance his own belief that devotion to and faith in the state of Israel should serve as “a substitute for [jewish] theology.”
Other well-known groups associated with the Mega Group include the World jewish Congress — whose past president, Edgar Bronfman, and current president, Ronald #Lauder, are both Mega Group members — and B’nai B’rith, particularly its spin-off known as the Anti-Defamation League (ADL). The Bronfman brothers were major donors to the #ADL, with Edgar Bronfman serving as the ADL’s honorary national vice-chair for several years.
https://www.mintpressnews.com/mega-group-maxwells-mossad-spy-story-jeffrey-epstein-scandal/261172/
MintPress News
Mega Group, Maxwells and Mossad: The Spy Story at the Heart of the Jeffrey Epstein Scandal
Whitney Webb continues her Too Big to Fail series connecting the myriad dots between the Mega Group, Mossad and the Jeffrey Epstein scandal.